From b520dcc66084497a75d44f3946b1fda079e47f61 Mon Sep 17 00:00:00 2001
From: EndMove
Date: Thu, 1 Apr 2021 20:14:13 +0200
Subject: [PATCH] Add SSL Certificate Openfire can now work with the SSL certificate of the server on which the container is running.
---
 Dockerfile    | 5 +++++
 README.md     | 22 +++++++++++++++++++++-
 build_version | 1 +
 entrypoint.sh | 9 +++++++++
 4 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 build_version

diff --git a/Dockerfile b/Dockerfile
index e198c59..91c4db0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,6 +29,11 @@ RUN apt-get -y update \
 
 COPY ["copyright", "LICENSE", "entrypoint.sh", "/usr/local/bin/"]
 RUN chmod 755 /usr/local/bin/entrypoint.sh
 
+# create ssl folder
+RUN mkdir /usr/share/openfire/ssl; \
+    chmod -R 0750 /usr/share/openfire/ssl; \
+    chown -R ${OPENFIRE_USER}:${OPENFIRE_USER} /usr/share/openfire/ssl
+
 # expose ports
 EXPOSE 5222/tcp 5223/tcp 5229/tcp 5262/tcp 5263/tcp 5269/tcp 5270/tcp 5275/tcp 5276/tcp 7070/tcp 7443/tcp 7777/tcp 9090/tcp 9091/tcp
diff --git a/README.md b/README.md
index 7a2d458..0a9b915 100644
--- a/README.md
+++ b/README.md
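Review bot: The `chmod -R 0750` and `chown -R ${OPENFIRE_USER}:${OPENFIRE_USER}` on `/usr/share/openfire/ssl` only apply to the empty directory baked into the image; the README hunk in this same commit recommends bind-mounting a host directory read-only over that exact path, and a mount hides the image directory's mode and owner behind the host's, so whether `ssl.pem` ends up readable by `${OPENFIRE_USER}` is decided by host-side permissions, not by these lines. A comment on the `RUN` line would stop the next reader from relying on them: `# mode/owner set here are masked once a volume is mounted on this path; ssl.pem must be readable by OPENFIRE_USER on the host`. Minor style point: chaining with `;` lets `chmod`/`chown` run after a failed `mkdir`; `RUN mkdir -p /usr/share/openfire/ssl && chmod 0750 /usr/share/openfire/ssl && chown ...` stops at the first error and is idempotent on rebuilds.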
@@ -112,6 +112,26 @@ This Openfire installation script provides two important volume locations to tra
 --volume /home/openfire/log:/var/log/openfire
 ````
 
+### Openfire - SSL Certificate
+
+> To benefit from the SSL certificate of your server under Openfire place it under the name `ssl.pem` in this volume.
+> Note: all communications between Openfire and users except those from the web interface ports: 9091 & 9090 are managed and encrypted using RSA, by Openfire automatically.
+
+````sh
+# in container location:
+/usr/share/openfire/ssl
+
+# recommended docker volume:
+--volume /home/certificate/cert:/usr/share/openfire/ssl:ro
+````
+
+Ceci est un exemple du contenu du dossier `/home/certificate/cert`
+
+````txt
+.
+└── ssl.pem
+````
+
 ## Update ?
 
 When an update of Openfire is available and I updated the repository you just have to remove and install again the container to migrate to the new version.
@@ -123,4 +143,4 @@ __WARNING__: this requires that you store the Openfire data as recommended above
 - [x] Log file available out of container.
 - [x] Configuration file, security and embedded-database available out of the container.
 - [x] Makes available all the ports available in Openfire version 4.6.2.
-- [ ] Allows the import of SSL certificates that are external to the container.
+- [x] Allows the import of SSL certificates that are external to the container.
diff --git a/build_version b/build_version
new file mode 100644
index 0000000..3208b09
--- /dev/null
+++ b/build_version
@@ -0,0 +1 @@
+4.6.2
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
index 6dc076b..3ea0bd8 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -36,6 +36,15 @@ initialization() {
     chmod -R 0755 ${OPENFIRE_LOG_DIR}
     chown -R ${OPENFIRE_USER}:${OPENFIRE_USER} ${OPENFIRE_LOG_DIR}
 
+    # manage certificate if available
+    if [ -e /usr/share/openfire/ssl/ssl.pem ]; then
+        [ -e ${OPENFIRE_DATA_DIR}/conf/security/keystore ] && rm -f ${OPENFIRE_DATA_DIR}/conf/security/keystore
+        [ -e ${OPENFIRE_DATA_DIR}/conf/security/ssl-tmp.pem ] && rm -f ${OPENFIRE_DATA_DIR}/conf/security/ssl-tmp.pem
+        cp -f /usr/share/openfire/ssl/ssl.pem ${OPENFIRE_DATA_DIR}/conf/security/ssl-tmp.pem
+        cd ${OPENFIRE_DATA_DIR}/conf/security/
+        printf "changeit\nchangeit\nyes" | keytool -import -v -keystore keystore -alias openfire-docker -file ssl-tmp.pem
+    fi
+
     # create build version file and update it
     CURRENT_VERSION=1.0.0
     [ -f ${OPENFIRE_DATA_DIR}/openfire_version ] && CURRENT_VERSION=$(cat ${OPENFIRE_DATA_DIR}/openfire_version)
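Review bot: `keytool -import ... -file ssl-tmp.pem` stores a PEM as a trusted-certificate entry, which carries no private key, so the `keystore` this block recreates cannot present `ssl.pem` as Openfire's own TLS server identity — if that is the intent (the README in this commit says "benefit from the SSL certificate of your server"), the certificate and its key have to be bundled, e.g. as PKCS#12, and loaded with `keytool -importkeystore -srcstoretype PKCS12` rather than `-import`. The block also deletes the existing keystore on every start before importing and never checks keytool's exit status, so a failed import leaves the container with no keystore at all, and the bare, unchecked `cd` changes the working directory for the rest of `initialization()`, whose body begins before and continues after this hunk. `changeit` is the well-known JDK default keystore password and is hard-coded here; whatever value is used must match the password Openfire is configured with, which this hunk does not show. A tighter version of the new lines, keeping the same files and alias but failing loudly, using absolute paths, quoting the expansions and removing the temporary copy afterwards:
```shell
    # manage certificate if available
    if [ -e /usr/share/openfire/ssl/ssl.pem ]; then
        security_dir="${OPENFIRE_DATA_DIR}/conf/security"
        rm -f -- "${security_dir}/keystore" "${security_dir}/ssl-tmp.pem"
        cp -f -- /usr/share/openfire/ssl/ssl.pem "${security_dir}/ssl-tmp.pem"
        # NOTE(review): -import yields a trusted-cert entry only (no private key);
        # a server identity needs a PKCS#12 -importkeystore instead — confirm intent.
        if ! printf 'changeit\nchangeit\nyes\n' | keytool -import -v \
                -keystore "${security_dir}/keystore" -alias openfire-docker \
                -file "${security_dir}/ssl-tmp.pem"; then
            echo "error: keytool import of ssl.pem failed" >&2
            return 1
        fi
        rm -f -- "${security_dir}/ssl-tmp.pem"
    fi
    # … unchanged: build version file handling …
```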